Release date:
2026-05-28 08:15:24 UTC
Description:
- CVE-2026-20643: fix Navigation API cross-subdomain intercept
(WebKit bug 306050)
- CVE-2026-20665: fix CSP bypass in sandboxed srcdoc iframes
(WebKit bug 304951)
- CVE-2026-20691: fix WebContent process starting local file loads
it cannot access (WebKit bug 306827)
- CVE-2026-28871: fix content served as video/mp2t being loaded as HTML
(WebKit bug 305859)
Updated packages:
-
webkit2gtk3-2.50.6-1.el9_6.tuxcare.els2.x86_64.rpm
sha:2841953292b58b83ca5d29f591952dc3b50ffe4bec2ee15bf378977afcf1f3d5
-
webkit2gtk3-devel-2.50.6-1.el9_6.tuxcare.els2.x86_64.rpm
sha:0153da456c729bf10a016d947297caaa8cf47edca7fd045b27976044a1fda41b
-
webkit2gtk3-jsc-2.50.6-1.el9_6.tuxcare.els2.x86_64.rpm
sha:74f9d041da410f051aa1f351bbcd229dfd4cfbca46e21761b4981617ca61d052
-
webkit2gtk3-jsc-devel-2.50.6-1.el9_6.tuxcare.els2.x86_64.rpm
sha:a81ec7efe5a1c938a35ee5271bcb17c5c8e0133896e511d1d8a06a8f20623dc6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
